Security News > 2023 > February > GoAnywhere MFT zero-day vulnerability lets hackers breach servers
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.
GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
"A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT," warns the GoAnywhere security advisory.
On the file system where GoAnywhere MFT is installed, edit the file " /adminroot/WEB INF/web.
BleepingComputer has identified local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing the GoAnywhere file transfer solution.
Even a single breach leveraging GoAnywhere MFT's zero-day flaw could leak sensitive information that could be used for extortion.
News URL
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Fortinet confirms data breach after hacker claims to steal 440GB of files (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Temu denies breach after hacker claims theft of 87 million data records (source)
- Russian security firm Dr.Web disconnects all servers after breach (source)
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms (source)
- Dell investigates data breach claims after hacker leaks employee info (source)
- Rackspace internal monitoring web servers hit by zero-day (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)